axis-java-dev mailing list archives

From "Kirill Safonov (JIRA)" <axis-...@ws.apache.org>
Subject [jira] [Updated] (AXIS-2856) Host provided by authenticator is treated incorrectly
Date Thu, 14 Jul 2011 21:21:00 GMT

     [ https://issues.apache.org/jira/browse/AXIS-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kirill Safonov updated AXIS-2856:
---------------------------------

    Description: 
As of 1.5.1 AbstractHTTPSender.setAuthenticationInfo() obtains host from authenticator. Then
this value is used to:

1) Create NTCredentials instance. Here 'host' is expected to describe source party (Javadoc:
"The host the authentication request is originating from...")

2) Create AuthScope instance. Here 'host' is stored and AuthScope instance is later matched
with another instance provided by HttpMethodDirector.authenticateHost(), which uses host from
connection (points to target machine).

So, client has to pass server host to NTCredentials constructor, otherwise authentication
will not be performed as expected. This contradicts the Javadoc and also may cause problems
with NTLM authentication where client host name (and not server name) is part of the handshake
message.


  was:
As of 1.5.1 AbstractHTTPSender.setAuthenticationInfo() obtains host from authenticator. Then
this value is used to:

1) Create NTCredentials instance. Here 'host' is expected to describe source party (Javadoc:
"The host the authentication request is originating from...")

2) Create AuthScope instance. Here 'host' is stored and AuthScope instance is later matched
with another instance provided by HttpMethodDirector.authenticateHost(), which uses host from
connection which points to target machine.

So, client has to pass server host to NTCredentials constructor, otherwise authentication
will not be performed as expected. This contradicts the Javadoc and also may cause problems
with NTLM authentication where client host name (and not server name) is part of the handshake
message.



> Host provided by authenticator is treated incorrectly
> -----------------------------------------------------
>
>                 Key: AXIS-2856
>                 URL: https://issues.apache.org/jira/browse/AXIS-2856
>             Project: Axis
>          Issue Type: Bug
>          Components: Basic Architecture
>    Affects Versions: 1.5
>         Environment: any OS
>            Reporter: Kirill Safonov
>
> As of 1.5.1 AbstractHTTPSender.setAuthenticationInfo() obtains host from authenticator.
> Then this value is used to:
> 1) Create NTCredentials instance. Here 'host' is expected to describe source party (Javadoc:
> "The host the authentication request is originating from...")
> 2) Create AuthScope instance. Here 'host' is stored and AuthScope instance is later matched
> with another instance provided by HttpMethodDirector.authenticateHost(), which uses host from
> connection (points to target machine).
> So, client has to pass server host to NTCredentials constructor, otherwise authentication
> will not be performed as expected. This contradicts the Javadoc and also may cause problems
> with NTLM authentication where client host name (and not server name) is part of the handshake
> message.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
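
The scope mismatch described in the issue, as an added example that is not part of the original message and is not Axis code. It uses the Commons HttpClient 3.x classes the report names (NTCredentials, AuthScope, HttpState); the host names, user, domain and the helper lookupForConnection() are constructed for illustration.

```java
import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.NTCredentials;
import org.apache.commons.httpclient.auth.AuthScope;

public class NtlmScopeDemo {
    // Constructed sample values, not taken from the issue.
    static final String CLIENT_HOST = "workstation01";   // where the request originates
    static final String TARGET_HOST = "ws.example.test"; // where the connection points
    static final int TARGET_PORT = 80;

    // Simplified stand-in (hypothetical helper) for the lookup the issue
    // attributes to HttpMethodDirector.authenticateHost(): the scope is built
    // from the connection's host, i.e. the target machine.
    static Credentials lookupForConnection(HttpState state) {
        AuthScope fromConnection =
                new AuthScope(TARGET_HOST, TARGET_PORT, AuthScope.ANY_REALM);
        return state.getCredentials(fromConnection);
    }

    static String describe(Credentials c) {
        // Reports only the host field, so no secret reaches the output.
        if (!(c instanceof NTCredentials)) {
            return "no credentials matched the connection scope";
        }
        NTCredentials nt = (NTCredentials) c;
        return "matched; NTLM workstation field = " + nt.getHost();
    }

    public static void main(String[] args) {
        // Per the NTCredentials Javadoc, 'host' is the originating machine.
        NTCredentials creds =
                new NTCredentials("user", "secret", CLIENT_HOST, "EXAMPLE");

        // Reported behaviour: one host value feeds both objects, so the
        // scope is keyed on the client host.
        HttpState reported = new HttpState();
        reported.setCredentials(
                new AuthScope(creds.getHost(), AuthScope.ANY_PORT, AuthScope.ANY_REALM), creds);
        System.out.println("scope from credentials host: "
                + describe(lookupForConnection(reported)));

        // Separated: scope keyed on the target, credentials keep the client host.
        HttpState separated = new HttpState();
        separated.setCredentials(
                new AuthScope(TARGET_HOST, TARGET_PORT, AuthScope.ANY_REALM), creds);
        System.out.println("scope from target host:      "
                + describe(lookupForConnection(separated)));
    }
}
```

Run it with commons-httpclient 3.x and its dependencies on the classpath.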

